Financial Armageddon aside, less damaging forms of spyware and adware have their own downsides. From the standpoint of simple irritation (or user's rights), nobody likes to see an unwanted piece of software changing home page selections, resetting search engines, or installing unwanted toolbars, ad engines, or other things designed to enhance somebody else's opportunities to take advantage of your Internet access. Likewise, because some adware or spyware causes system performance to degrade, or makes systems unstable, it's simply got to go. In Chapter 4, you should have gotten the sense that manual removal of spyware or adware can be time-consuming, tedious, and sometimes downright difficult. Because that's increasingly the case as new forms of adware and spyware are discovered, I believe installing antispyware/anti-adware software is both appropriate and effective.

Remember also that there are two ways in which antispyware/anti-adware software is designed to be used:

Scanning, detection, and removalThis uses the software to systematically examine a system's memory, important data structures, and files to look for traces of spyware or adware. During the scanning process, all such identifications are logged and then reported to the PC's user. Users can decide on a wholesale or a per-item basis which items they might wish to keep or remove, after which the software handles cleanup and removal activities automatically for all selected items.

Real-time detection and blockingThis requires that antispyware/anti-adware software be running all the time, and that it be allowed to inspect all incoming data on a PCinstant messages, file transfers, e-mail, Web pages (and active content), and so forth. If the antispyware/anti-adware software sees something it recognizes as malign, it can block it from entry and either alert the user or write a log entry to a file. If it sees something suspicious (or potentially risky, like a change to your Windows Startup Items), it can warn the user of a pending change or arrival and require the user to grant explicit permission before it will be allowed to proceed.

At this point, it's entirely reasonable to ask: "Where does antispyware/anti-adware software get the information it needs to recognize known items?" and "How does antispyware/anti-adware decide what represents suspicious behavior?" The answers both come from deep inspection and analysis of known instances of spyware and adware, as does the answer to another important question: "Given some known spyware or adware item, how does antispyware/anti-adware know how to clean up after it and remove all traces of its existence?"

In an important sense, all antispyware/anti-adware software consists of four important parts:

 Software that monitors system activity and is able to intercept certain types of activity or data transfer that might contain spyware or adware. This means inspecting incoming data and alerting users about specific types of behavior associated with adware or spyware (changing search or home page defaults, adding toolbars or Startup Items, and so forth). This maps to the blocking function that requires antispyware/anti-adware software always to be running in the background.

 A database of telltale filenames, Registry keys, and other information it can use to profile known spyware to compare against observed characteristics on some particular system, or in data seeking entry into a system. This kind of information is generally called a definition or a signature because it helps to identify specific items of adware, spyware, or other unwanted software. This database maps to the scanning and identification function whereby antispyware/anti-adware software inspects all files, memory, the Windows Registry, and anywhere else such software might leave telltale traces behind.

 A database of cleanup activities associated with specific adware or spyware items, so that once they're recognized, cleanup and removal can be automated and users relieved of that responsibility and effort. Should a scan ever report signs of infection, this makes it relatively easy to initiate cleanup and removal operations.

 A reporting tool that can gather information about a system that shows symptoms of infestation, but where no known spyware or adware can be identified. (The software can also use the same facility to report bugs or other failures about itself as well.) Although users can refuse to share such data with software developers or vendors, this is a valuable means of data-gathering when new forms of adware or spyware are encountered in the wild, and provides important clues (and can often lead directly to the offending software) that will help in the creation of spyware or adware definitions and cleanup/removal tools to counter them.

Hopefully, it's obvious why any scan should be preceded by a download of the latest software updates and any new adware or spyware definitions: the latest and greatest software and databases will maximize chances of detecting and cleaning up after something new.

Tip
To get the best results from scanning a system for adware or spyware (or malware, too, for that matter), always make sure the scanning tool and its database of definitions are as current as possible before you start. It usually takes just a minute or two to check, and it's worth the extra time and effort involved-if only for increased peace of mind!